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WHAT IS CLAIMED IS: 

5 1. A security system for secure printing of value-bearing 

items in a wide area computer network comprising: 

a plurality of user terminals coupled to the computer 

network; 

a database including information about one or more users 
10 using the plurality of terminals; 

a cryptographic device remote from the plurality of user 
terminals and coupled to the computer network, wherein the 

cryptographic device includes a computer executable code for 

f 

authenticating one or more users; and y 
15 a plurality of security device transaction data stored in 

the database for ensuring authenticity of the one or more users, 
wherein each security device transaction data is related to a user. 

2. The system of claim 1, wherein the security device 

2 0 transaction data related to a user is loaded into the cryptographic 

device when the user requests to operate on a value bearing item. 

3. The system of claim 1, wherein the cryptographic device 
authenticates the identity of each user and verifies that the 

25 identified user is authorized to assume a role and perform a 
corresponding operation. 

4. The system of claim 3, wherein the assumed role is a 
security officer role to initiate a key management function. 

30 

5. The system of claim 3, wherein the assumed role is a key 
custodian role to take possession of shares of keys. 

6. The system of claim 3, wherein the assumed role is an 
35 administrator role to manage a user access control database. 
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7. The system of claim 3, wherein the assumed role is an 
auditor role to manage audit logs . 

5 

8. The system of claim 3, wherein the assumed role is a 
provider role to withdraw from a user account. 

9. The system of claim 3, wherein the assumed role is a user 
10 role to operate on a VBI . 

10. The system of claim 3, wherein the assumed role is a 
certificate authority role to allow a public key certificate to be 
loaded and verified. 

15 

11. The system of claim 3, wherein the cryptographic device 
includes a state machine for determining a state corresponding to 
availability of one or more commands in conjunction with the role. 

20 12. The system of claim 1, wherein the cryptographic device 

includes a data validation subsystem and an auto-recovery subsystem 
for allowing the device to verify that data is up to date and to 
automatically re-synchronize the device with the data. 

25 13. The system of claim 1, wherein the cryptographic device is 

stateless . 

14. The system of claim 1, wherein the cryptographic device 
includes a computer executable code for preventing unauthorized 

30 modification of data. 

15. The system of claim 14, wherein the computer executable 
code prevents the unauthorized modification, substitution, insertion, 
and deletion of related data and cryptographically critical security 

35 parameters. 
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24. The system of claim 1, wherein the database includes data 
for creating one or more indicium, account maintenance, and revenue 

5 protection. 

25. The system of claim 24, wherein the data includes virtual 
meter information. 



10 26. The system of claim 24, wherein the data includes ascending 

and descending registers data. 

27. The system of claim 1, wherein the value bearing item is 
a mail piece . 

28. The system of claim 27, wherein the mail piece includes a 
digital signature. 

29. The system of claim 1, wherein the cryptographic device 
encrypts validation information according to a user request for 
printing a VBI. 

30. The system of claim 27, wherein 'the cryptographic device 
generates data sufficient to print a postal indicium in compliance 
with postal service regulation on the mail piece. 

31. The system of claim 1, wherein the value bearing item is 
a ticket. 

30 32.. The system of claim 1, wherein a bar code is printed on the 

value bearing item. 

33. The system of claim 1, wherein the value bearing item is 
a coupon . 

35 
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34. The system of claim 1, wherein the value bearing item is 
currency. 

5 

35. The system of claim 1, wherein the value bearing item is 
a voucher. 

36. The system of claim 1, wherein the value bearing item is 
10 a traveler's check. 

37. The system of claim 1, wherein each security device 
transaction data includes one or more of an ascending register value, 
a descending register value, a respective cryptographic device ID, an 

15 indicium. key certificate serial number, a licensing ZIP code, a key 
token for an indicium signing key, user secrets, a key for encrypting 
user secrets, data and time of last transaction, last challenge 
received from a respective client subsystem, an operational state of 
the respective device, expiration dates for keys, and a passphrase 

2 0 repetition list. 

38. The system of claim 1, wherein each security device 
transaction data includes one or more of a private key, a public key, 
and a public key certificate, wherein the private key is used to sign 

25 device status responses and a VBI which, in conjunction with a public 
key certificate, demonstrates that the device and the VBI are 
authentic. 

39. The system of claim 1 further comprising at least one more 

3 0 cryptographic device remote from the plurality of user terminals 

coupled to the computer network, wherein the at least one more 
cryptographic device includes a computer executable code for 
authenticating any of the plurality of users. 

35 
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48. The system of claim 47, wherein the command corresponding 
to the operational state comprises commands for one or more of access 

5 control, session management, key management, and audit support. 

49. The system of claim 1, wherein the cryptographic device is 
capable of performing one or more of Rivest, Shamir and Adleman (RSA) 
public key encryption, DES, Triple-DES, DSA signature, SHA-1, and 

10 Pseudo-random number generation algorithms. 

50. A method for secure printing of value-bearing items over 
a computer network having a plurality of user terminals, the method 
comprising the steps of: 

15 storing information about a plurality of users using the 

plurality of terminals in a database remote from the plurality of 
user terminals; 

securing the information about the users in the database 
by one or more of cryptographic devices remote from the plurality of 
20 user terminals; and 

storing a plurality of security device transaction data in 
the database, wherein each transaction data is related to one of the 
plurality of users. 

25 51. The method of claim 50 further comprising the step of 

loading a security device transaction data related to a user into one 
of the one or. more of cryptographic devices when the user requests to 
operate on a value bearing item. 

30 52. The method of claim 50 further comprising the step of 

authenticating the identity of each user. 

53. The method of claim 52 further comprising the step of 
verifying that the requesting user is authorized to assume a role and 
35 to perform a corresponding operation. 
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16. The system of claim 1, wherein the cryptographic device 
includes a computer executable code for preventing unauthorized 
5 disclosure of data. 

/ 17. The system of claim 16, wherein the data includes non- 
public contents of a postage meter, including plaintext cryptographic 
keys and other critical security parameters . 

10 

7 18. The system of claim 1, wherein the cryptographic device 
includes a computer executable code for ensuring the proper operation 
of cryptographic security and VBI related meter functions. 

15 19. The system of claim 1, wherein the cryptographic device 

includes a computer executable code for detecting errors and 
preventing a compromise of the transaction data or critical 
cryptographic security parameters as a result of the errors. 

20 20. The system of claim 1, wherein at least one of the users 

is an enterprise account. 

21. The system of claim 3, wherein the cryptographic device 
includes a computer executable code for supporting multiple 

25 concurrent users and maintaining a separation of roles and operations 
performed by each user. 

22. The system of claim 1, wherein the cryptographic device 
stores information about a number of last transactions in a 

30 respective internal register. 

23. The system of claim 22, wherein the database stores a table 
including the respective information about a last transaction, a 
verification module to compare the information saved in the device 

35 with the information saved in the database. 
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40. The system of claim 39, wherein the cryptographic device 
shares a secret with the at least one more cryptographic device. 

'5 

41. The system of claim 39, wherein one of the plurality of 
cryptographic devices is a master device and generates a master key 
set (MKS). 

10 42. The system of claim 41, wherein the MKS includes a Master 

Encryption Key (MEK) used to encrypt keys when stored outside the 
device . 

43. The system of claim 42, wherein the MKS further includes 
15 a Master Authentication Key (MAK) used to compute a DES MAC for 

signing keys when stored outside of the device. 

44. .The system of claim 41, wherein the MKS is exported to 
other cryptographic devices by any cryptographic device. 

20 

45. The system of claim 1, wherein the database includes a user 
profile for a subset of the plurality of users. 

46. The system of claim 45, wherein the user profile includes 

2 5 username, user role, password, logon failure count, logon failure 

limit, logon time-out limit, account expiration, password expiration, 
and password period. 

47. The system of claim 11, wherein the state machine includes 
30 one or more of an uninitialized state, an initialized state, an 

operational state, an administrative state, an exporting, shares 
state, an importing shares state, and an error state. 

35 
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54. The method of claim 53, wherein the assumed role is a 
security officer role and the corresponding command is initiating a 
5 key management function. 

- 55. The method of claim 53, wherein the assumed role is an 
administrator role to manage a user access control. 

10 56. The method of claim 53 , wherein the assumed role is an 

auditor role to manage audit logs. 

57. The method of claim 53, wherein the assumed role is a 
provider role to authorize increasing credit for a user account. 

15 

58. The method of claim 53, wherein the assumed role is a user 
role to perform expected IBIP postal meter operations. 

59. . The method of claim 53, wherein the assumed role is a 

2 0 certificate authority role to allow a public key certificate to be 

loaded and verified. 

60. The method of claim 53, further comprising the step of 
determining a state corresponding to availability of one or more 

2 5 commands in conjunction with the roles. 

61. The method of claim 60, wherein the state machine includes 
one or more of . an uninitialized state, an initialized state, an 
operational state, an administrative state, an exporting shares 

30 state, an importing shares state, and an error state. 

62. The method of claim 50, further comprising the steps of 
verifying that the database is up to date. 

35 
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63. The method of claim 62, further comprising the steps of 
automatically re-synchronizing each of the cryptographic devices with 

5 the database . 

64. . The method of claim 50, further comprising the step of 
preventing unauthorized modification of data. 

10 65. The method of claim 64, wherein the step of preventing 

comprises, preventing unauthorized modification, substitution, 
insertion, and deletion of postage related data and cryptographically 
critical security parameters. 

15 66. The method of claim 50, further comprising the step of 

preventing unauthorized disclosure of data. 

67. The method of claim 50, further comprising the step of 
ensuring the proper operation of cryptographic security and VBI 

2 0 related meter functions. 

68. The method of claim 50, further comprising the steps of 
detecting errors and preventing a compromise of the transaction data 
or critical cryptographic security parameters as a result of the 

25 errors. 

69. The method of claim 53, further comprising the steps of 
supporting multiple concurrent operators and maintaining a separation 
of roles and operations performed by each operator. 

30 

70. The method of claim 50, further comprising the steps of: 
storing information about a number of last transactions in 

a respective internal register of each of the one or more 
cryptographic devices; 
35 storing a table including the information about a last 
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transaction in the database; 

comparing the information saved in the respective device 
5 with the respective information saved in the database; and 

loading a new transaction data if the respective 
information stored in the device compares with the respective 
information stored in the database. 

10 71. The method of claim 50, further comprising the step of 

storing data for creating an indicium, account maintenance, and 
revenue protection. 

72. The method of claim 50, further comprising the step of 
15 printing a mail piece. 

73. The method of claim 72, wherein the mail piece includes a 
digital signature . 

2 0 74. The method of claim 72, wherein the mail piece includes a 

postage amount. 

75. The method of claim 72, wherein the mail piece includes an 
ascending register of used postage and descending register of 

25 available postage. 

76. The method of claim 50, further comprising the step of 
printing a ticket. 

30 77. The method of claim 50, further comprising the step of 

printing a bar code. 

78. The method of claim 50, further comprising the step of 
printing a coupon. 

35 
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79. The method of claim 50, further comprising the step of 
printing currency. 

5 

80. The method of claim 50, further comprising the step of 
printing a voucher. 

81. The method of claim 50, further comprising the step of 
10 printing a traveler's check. 

82. The method of claim 50, wherein the security device 
transaction data includes an ascending register value, a descending 
register value, a respective cryptographic device ID, an indicium key 

15 certificate serial number, a licensing ZIP code, a key token for an 
indicium signing key, user secrets, a key for encrypting user 
secrets, data and time of last transaction, last challenge received 
from a respective client subsystem, an operational state of the 
respective device, expiration dates for keys, and a passphrase 

20 repetition list. 

83. The method of claim 50, further comprising the step of 
using a private key to sign device status responses and the VBI 
which, in conjunction with a public key certificate, demonstrates 

2 5 that the device and the VBI are authentic. 

84. The method of claim 50, further comprising the step of 
sharing a secret with any of the other devices. 

30 85. The method of claim 50, further comprising the step of 

generating a master key set (MKS) . 

86. The method of claim 85, wherein the step of generating the 
MKS comprises the steps of generating a Master Encryption Key (MEK) 
35 used to encrypt keys when stored outside the device. 
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87. The method of claim 86, further comprising the step of 
generating a Master Authentication Key (MAK) used to compute a DES 

5 MAC for signing keys when stored outside of the device. 

88. The method of claim 85, further comprising the step of 
exporting the MKS to other cryptographic devices by any cryptographic 
device . 

10 

89. The method of claim 50, further comprising the step of 
storing a user profile for a subset of the plurality of users. 

90. The method of claim 80, wherein the user profile includes 
15 username, user role, password, logon failure count, logon failure 

limit, logon time-out limit, account expiration, password expiration, 
and password period 

91. The method of claim 50, further comprising the step of 
20 performing one or more of Rives t, Shamir and Adleman (RSA) public key 

encryption, DES, Triple-DES, DSA signature, SHA-1, and Pseudo-random 
number generation algorithms by each of the cryptographic devices . 

92 . A system for secure processing of value-bearing items 
25 (VBIs) in a computer network comprising: 

a plurality of user terminals coupled to the computer 

network; 

a database coupled to the network and remote from the 
plurality of user terminals for storing information about one or more 
30 users using the plurality of terminals; and 

a server system coupled to the network including a 
cryptographic device for performing secure VBI functions utilizing 
the information stored in the database. 

35 
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93. The system of claim 92 , wherein at least one of the users 
is an enterprise account. 

5 

94. The system of claim 92, further comprising a plurality of 
security device transaction data stored in the database for ensuring 
authenticity and authority of each of the plurality of users, wherein 
each transaction data is related to one of the plurality of users and 

10 the security device transaction data related to a user is loaded into 
the cryptographic device when the user requests a VBI function. 

95. The system of claim 92, wherein the cryptographic device 
authenticates the identity of each user and verifies that the 

15 identified user is authorized to assume a role and perform a 
corresponding operation. 

96. . The system of claim 95, wherein the assumed role is an 
administrator role to manage a user access control database. 

20 

97. The system of claim 95, wherein the assumed role is a 
provider role to authorize increasing credit for a user account. 

98. The system of claim 95, wherein the assumed role is a user 
25 role to perform expected IBIP postal meter operations. 

99. The system of claim 92, wherein the cryptographic device 
stores information about a number of last transactions in a 
respective internal register, the database stores a table including 

30 the respective information about a last transaction, a verification 
module to compare the information saved in the device with the 
information saved in the table. 

100. The system of claim 92, wherein the database includes data 
35 for creating indicium, account maintenance, and revenue protection. 
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101. The system of claim 92, wherein the value bearing item is 
a mail piece. 



5 



102. The system of claim 92, wherein the mail piece includes a 
digital signature. 

103. The system of claim 92, wherein the mail piece includes a 
10 postage amount. 

104. The system of claim 92, wherein the mail piece includes an 
ascending register of used postage and descending register of 
available postage. 



105. The system of claim 92, wherein the value bearing item is 
a ticket. 

106. The system of claim 92, wherein the value bearing item 
2 0 includes a bar code. 

107. The system of claim 92, wherein the value bearing item is 
a coupon. 

25 108. The system of claim 92, wherein the value bearing item is 



a voucher. 

30 

110. The system of claim 92, wherein the value bearing item is 
a traveler's check. 



35 transaction data includes an ascending register value, a descending 



15 



currency. 



109. 



The system of claim 92, wherein the value bearing item is 



111. The system of claim 92, wherein each security device 
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register value, a respective cryptographic device ID, an indicium key 
certificate serial number, a licensing ZIP code, a key token for an 
5 indicium signing key, user secrets, a key for encrypting user 
secrets, data and time of last . transaction, last challenge received 
from a respective client subsystem, an operational state of the 
respective device, expiration dates for keys, and a passphrase 
repetition list. 

10 

112. The system of claim 92, wherein each security device 
transaction data includes a private key, a public key, and a public 
key certificate, wherein the private key is used to sign device 
status responses and a VBI. which, in conjunction with a public key 

15 certificate, demonstrates that the device and the VBI are authentic. 

113. The system of claim 92, wherein the cryptographic device 
is capable of performing one or more of Rivest, Shamir and Adleman 
(RSA) public key encryption, DES, Triple-DES, DSA signature, SHA-1, 

20 and Pseudo-random number generation algorithms. 

114. The system of claim 92, wherein the cryptographic device 
protects data using a stored secret. 

25 115. The system of claim 114, wherein the secret is a password. 

116. The system of claim 114, wherein the secret is a 
public/private key pair. 

30 117. A method for secure processing of value-bearing items 

(VBIs) in a computer network including a plurality of user terminals 
the method comprising the steps of: 

storing information about one or more users using the 
plurality of terminals in a database coupled to the network and 

35 remote from the plurality of user terminals; and 
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performing secure VBI functions utilizing the information 
stored in the database by a cryptographic device remote from the 
5 plurality of user terminals. 

118. The method of claim 117 further comprising the step of 
storing a plurality of security device transaction data in the 
database wherein, each transaction data is related to one of the 

10 plurality of users. 

119. The method of claim 118 further comprising the step of 
loading a security device transaction data related to the 
cryptographic device when the user requests to operate on a VBI . 

15 

120. The method of claim 117 further comprising the steps , of 
authenticating the identity of each user and verifying that the 
identified user is authorized to assume a role and to perform a 
corresponding operation. 

20 

121. The method of claim 120, wherein the assumed role is an 
administrator role to manage a user access control. 

122. The method of claim 120, wherein the assumed role is a 

2 5 provider role to authorize increasing credit for a user account. 

123. The method of claim 120, wherein the assumed role is a user 
role to perform expected IBIP postal meter operations. 

30 124. The method of claim 117, further comprising the step of 

printing a postage value including a postal indicium. 

125. The method of claim 124, wherein the postal indicium 
comprises a digital signature. 

35 
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126. The method of claim 124 , wherein the postal indicium 
comprises a postage amount. 

5 

127. The method of claim 124, wherein the postal indicium 
comprises an ascending register of used postage and descending 
register of available postage. 

10 128. The method of claim 117, further comprising the step of 

printing a ticket. 

129. The method of claim 117, further comprising the step of 
printing a bar code. 

15 

• 130. The method of claim 117, further comprising the step of 
printing a coupon. 

131. A method for secure processing of a value bearing item on 

2 0 a computer network having a plurality of users using a plurality of 

computer terminals for connecting to the network and a plurality of 
cryptographic devices remote from the users and coupled to the 
network, each cryptographic device executing a plurality of security 
device transactions, the method comprising the steps of: 
2 5 requesting by a user authorization for a role; 

assigning a security device transaction data to the 
requesting user, wherein the security device transaction data may be 
executed on any of the plurality of cryptographic devices; 

authenticating the identity of the user; 
30 granting the requested role; 

issuing a command that is available for the requested role; 

and 

executing the issued command. 

35 
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132. The method of claim 131, wherein at least one of the users 
is an enterprise account. 

5 

133. The method of claim 131, wherein the requested role is a 
provider role to authorize increasing credit for a user account. 

134. The method of claim 131, wherein the requested role is a 
10 user role to perform expected IBIP postal meter operations. 

135. The method of claim 131, wherein the requested role is a 
certificate authority role to allow a public key certificate to be 
loaded and verified. 

15 

136. The method of claim 131, further comprising the step of 
preventing unauthorized and undetected modification of data, 
including the unauthorized modification, substitution, insertion, and 
deletion of postage related data and cryptographically critical 

2 0 security parameters. 

137. The method of claim 131, further comprising the step of 
preventing unauthorized disclosure of non-public contents of a 
postage meter, including plaintext cryptographic keys and other 

2 5 critical security parameters. 

138. The method of claim 131, further comprising the step of 
ensuring the proper operation of cryptographic security and VBI 
related meter functions. 

30 

139. The method of claim 131, further comprising the steps of 
detecting errors and preventing a~ compromise of the transaction data 
and critical cryptographic security parameters as a result of the 
errors. 

35 
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140. The method of claim 131, further comprising the step of 
providing indications of an operational state of a VBI meter. 

5 

141. The method of claim 131 , further comprising the steps of 
supporting multiple concurrent operators and maintaining a separation 
of roles and operations performed by each operator. 

10 142. The method of claim 131, further comprising the steps of: 

storing information about a number of last transactions in 
a respective internal register of each cryptographic device; 

storing a table including the information about a last 
transaction in the database; and 
15 comparing the information saved in the respective device 

with the respective information saved in the database. 

143. The method of claim 142, further comprising the step of 
loading a new transaction data if the respective information stored 

2 0 in the device compares with the respective information stored in the 

database . 

144. The method of claim 131, further comprising the step of 
storing data for creating indicium, account maintenance, and revenue 

2 5 protection. 

145. The method of claim 131, further comprising the step of 
printing a postage value including a postal indicium. 

3 0 14 6. The method of claim 145, wherein the postal indicium 

comprises a digital signature. 

147. The method of claim 145, wherein the postal indicium 
comprises a postage amount. 

35 



-105- 



36531/RRT/S850 



148. The method of claim 145, wherein the postal indicium 
comprises an ascending register of used postage and a descending 
5 register of available postage. 

14 9. The method of claim 131, further comprising the step of 
printing a ticket. 

10 150. The method of claim 131, further comprising the step of 

printing a bar code. 

151. The method of claim 131, further comprising the step of 
printing an image. 

15 

152. The method of claim 131, further comprising the step of 
printing a coupon. 

153. The method of claim 131, further comprising the step of 
2 0 printing currency. 

154. The method of claim 131, further comprising the step of 
printing a voucher. 

2 5 .155. The method of claim 131, further comprising the step of 

printing a traveler's check. 

156. The method of claim 131, wherein the security device 
transaction data includes an ascending register value, a descending 

30 register value, a respective cryptographic device ID, an indicium key 
certificate serial number, a licensing ZIP code, a key token for an 
indicium signing key, user secrets, a key for encrypting user 
secrets, data and time of last transaction, last challenge received 
from a respective client subsystem, an operational state of the 

35 respective device, expiration dates for keys, and a passphrase 
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repetition list. 

5 157. The method of claim 131, further comprising the step of 

using a private key to sign device status responses and the VBI 
which, in conjunction with a public key certificate, demonstrates 
that the device and the VBI are authentic. 

10 158. The method of claim 131, further comprising the step of 

sharing a secret with all the other devices . 

159. The method of -claim 158, wherein the secret is a password. 

15 160. The method of claim 158, wherein the secret is a 

public/private key pair. 

161. The method of claim 131, further comprising the step of 
performing one or more of Rivest, Shamir and Adleman (RSA) public key 

2 0 encryption, DES, Triple-DES, DSA signature, SHA-1, and Pseudo-random 

number generation algorithms by each of the cryptographic devices. 



25 
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